{"id":718970,"date":"2023-05-05T04:50:25","date_gmt":"2023-05-05T06:50:25","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisco-met-en-garde-contre-la-vulnerabilite-dun-adaptateur-telephonique-populaire-et-demande-instamment-la-migration-vers-un-modele-plus-recent\/"},"modified":"2023-05-05T04:50:29","modified_gmt":"2023-05-05T06:50:29","slug":"cisco-met-en-garde-contre-la-vulnerabilite-dun-adaptateur-telephonique-populaire-et-demande-instamment-la-migration-vers-un-modele-plus-recent","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisco-met-en-garde-contre-la-vulnerabilite-dun-adaptateur-telephonique-populaire-et-demande-instamment-la-migration-vers-un-modele-plus-recent\/","title":{"rendered":"Cisco met en garde contre la vuln\u00e9rabilit\u00e9 d&#8217;un adaptateur t\u00e9l\u00e9phonique populaire et demande instamment la migration vers un mod\u00e8le plus r\u00e9cent"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">05 mai 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Cisco a mis en garde contre une faille de s\u00e9curit\u00e9 critique dans les adaptateurs t\u00e9l\u00e9phoniques SPA112 \u00e0 2 ports qui, selon lui, pourrait \u00eatre exploit\u00e9e par un attaquant distant pour ex\u00e9cuter du code arbitraire sur les appareils concern\u00e9s.<\/p>\n<p>Le probl\u00e8me, suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20126\" target=\"_blank\"><strong>CVE-2023-20126<\/strong><\/a>, est not\u00e9 9,8 sur un maximum de 10 sur le syst\u00e8me de notation CVSS.  La soci\u00e9t\u00e9 a cr\u00e9dit\u00e9 Catalpa de DBappSecurity pour avoir signal\u00e9 la lacune.<\/p>\n<p>Le <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/unified-communications\/spa112-2-port-phone-adapter\/index.html\" target=\"_blank\">produit en cause<\/a> permet de connecter des t\u00e9l\u00e9phones analogiques et des t\u00e9l\u00e9copieurs \u00e0 un fournisseur de services VoIP sans n\u00e9cessiter de mise \u00e0 niveau.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tr60percentstatic-inside-1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/05\/1682937111_165_Un-acteur-vietnamien-de-la-menace-infecte-500-000-appareils.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Cette vuln\u00e9rabilit\u00e9 est due \u00e0 un processus d&#8217;authentification manquant dans la fonction de mise \u00e0 jour du micrologiciel&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-spa-unauth-upgrade-UqhyTWW\" target=\"_blank\">a dit<\/a> dans un bulletin.<\/p>\n<p>&#8220;Un attaquant pourrait exploiter cette vuln\u00e9rabilit\u00e9 en mettant \u00e0 niveau un appareil affect\u00e9 vers une version sp\u00e9cialement con\u00e7ue du micrologiciel. Un exploit r\u00e9ussi pourrait permettre \u00e0 l&#8217;attaquant d&#8217;ex\u00e9cuter du code arbitraire sur l&#8217;appareil affect\u00e9 avec tous les privil\u00e8ges.&#8221;<\/p>\n<p>Malgr\u00e9 la gravit\u00e9 de la faille, le fabricant d&#8217;\u00e9quipements de r\u00e9seau a d\u00e9clar\u00e9 qu&#8217;il n&#8217;avait pas l&#8217;intention de publier de correctifs car les appareils ont atteint le statut de fin de vie (EoL) au 1er juin 2020.<\/p>\n<p>Il recommande plut\u00f4t aux utilisateurs de migrer vers un adaptateur de t\u00e9l\u00e9phone analogique de la gamme Cisco ATA 190, qui est configur\u00e9 pour recevoir ses <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/unified-communications\/ata-190-series-analog-telephone-adapters\/eos-eol-notice-c51-741354.html\" target=\"_blank\">derni\u00e8re mise \u00e0 jour<\/a> le 31 mars 2024. Il n&#8217;y a aucune preuve que la faille ait \u00e9t\u00e9 exploit\u00e9e de mani\u00e8re malveillante dans la nature.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/05\/cisco-warns-of-vulnerability-in-popular.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80205 mai 2023\ue804Ravie LakshmananVuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau Cisco a mis en garde contre une faille de s\u00e9curit\u00e9 critique dans les adaptateurs t\u00e9l\u00e9phoniques SPA112 \u00e0 2 ports qui, selon lui, pourrait \u00eatre exploit\u00e9e par un attaquant distant pour ex\u00e9cuter du code arbitraire sur les appareils concern\u00e9s. Le probl\u00e8me, suivi comme CVE-2023-20126, est not\u00e9 9,8 sur [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":718971,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[160516,5859,4168,841,4158,4165,4161,442,74,525,29214,4157,4159,4171,4170,4167,4955,36260,4160,2275,4163,4162,440,22947,4172,4169,11803,1218,4166,3667,4164],"class_list":["post-718970","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-adaptateur","tag-cisco","tag-comment-pirater","tag-contre","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-demande","tag-dun","tag-garde","tag-instamment","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-met","tag-migration","tag-mises-a-jour-de-la-cybersecurite","tag-modele","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-populaire","tag-recent","tag-securite-informatique","tag-securite-internet","tag-telephonique","tag-vers","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/718970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=718970"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/718970\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/718971"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=718970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=718970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=718970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}